North America

(Extract of Thales’ CTI datas) < Back

> Countries List :

Canada, Mexico

Contextual analysis of CIS and Geocyber risks

The Americas can be divided into three geographic regions: North America, which includes the United States, Canada and Mexico; Central America; and South America. This hemisphere is marked by its cultural contrasts and, in particular, by its economic diversity.

The United States and Canada are rich and developed, while other countries in the region are considered to be emergent or low-income economies. The Americas are beset by many geopolitical tensions taking the form of border conflicts between countries or even social conflicts within them. The role of the United States, sometimes described as dominant, is often cited as the cause.

More accurately, dominance on the continent can be described as being shared between the United States and Canada, the region’s two most developed nations. This creates a geoeconomic contrast on the continent as a whole, as these two countries constitute one of the three major poles of the world economy. Indeed, in 2015, the GDP of the United States was $18,036 billion, the highest in the world. Canada’s was $1,550 billion, placing it in tenth. These countries have diversified economies that are extremely well-integrated into global trade. The United States is home to many of the largest multinational corporations and several global cities, chief among which is New York.

However, such disparities and issues of hegemony can exacerbate international tensions, fostering an environment of heightened geopolitical cyberthreats.

Main types of Attackers

State Sponsored
Cyber Criminal
Cyber Terrorist

Adversary types

Top 3 Attacked sectors

  1. Aviation
  2. Communication
  3. Transportation

North America News

See more

​Since the end of the Second World War – and, more to the point, since the Bretton Woods agreement in 1944 – the United States has remained at the top of the international order.

 

_THE US AND CHANGING FOREIGN POLICIES IN THE ERA OF “AMERICA FIRST"

Canada, Mexico and the rest of the world have had to significantly amend their foreign policies over the last several years, under pressure during Donald Trump’s term as President of the United States from 2017 to 2021.

 

FOREIGN RELATIONS OF NORTH AMERICAN NATIONS

The leaders of Canada and Mexico, along with foreign ministries from other nations around the world, have adjusted their foreign policies either in the US’s favour or to turn away from it. For example, Canadian Prime Minister Justin Trudeau and Mexican President Enrique Peña Nieto have frequently remarked on their disagreements with President Trump, while remaining clear that they wish to continue their cooperation with the world’s leading economy. During his term, President Trump oriented its foreign policy towards a strengthening of bilateral relationships with Russia, Iran, and even China.

 

RUSSIA–US RELATIONS

The power balance between the United States and these three nations was a touchstone of Trump’s tenure, and continues to be so under Biden, albeit with less emphasis on Russia. On Russia specifically, some observers of Russia–US relations, particularly pro-Kremlin Europeans, have claimed that Vladimir Putin is an “ideal” or “useful” enemy for America. They imply that the US is almost entirely responsible for its tense, fragile relationship with Putin’s Russia, or even that it benefits from the hostility that exists between the two countries. However, the US hardly revels in the ongoing tensions, and does not appear to profit from them, not least because as Russia grows more distant from other European countries and US, it is becoming increasingly dependent on its relations with China and less inclined towards mitigating the increasing asymmetry between these powers.

 

IRAN–US RELATIONS

Relations between the US and Iran have become yet more precarious. Indeed, the recent spike in tensions starting in early 2019 is part of a broader trend of escalating diplomatic disagreements between the two countries. Already fraught after the US’s withdrawal from the Iran nuclear deal (JCPOA) in May 2018, Iran–US relations have degraded even further, especially since the Trump administration added the Revolutionary Guards to its list of terrorist organisations in April 2019 and tightened its sanctions against Tehran the following month. In 2020, relations between these two countries were aggravated yet further with the killing of the Iranian General Qassem Soleimani, the Islamic Republic’s representative in Iraq and head of the Quds Force, in an American raid in Baghdad on 3 January 2020. Despite an Iranian retaliation in the form of several missile strikes on US bases in Iraq, tensions have begun to soften as the two sides seek some level of stability.

 

CHINA–US RELATIONS

In recent years, relations between China and the United States have been beset by several geopolitical events that have strained the limits of diplomacy between the two countries. For example, in 2020, the US accused China at length of data theft and widespread espionage, leading to the closure of the Chinese consulate in Houston, Texas. The US Secretary of State justified these steps as being for the protection of US intellectual property and the personal information of individual Americans. Mike Pompeo  also described the Chinese consulate in Houston as having been a hub for espionage. Moreover, two Chinese nationals were charged by a US court with computer hacking offences for allegedly stealing data from a company working on a Covid-19 vaccine.

However, the closure of the Houston consulate in particular was all the more symbolic as it was the PRC’s first in the United States, having opened in 1979 with the reestablishment of diplomatic relations between the two powers. China viewed the closure as a step too far, declaring it an outrageous, unjustified and unilateral provocation by the US. Beijing retaliated by ordering the closure of the US consulate in Chengdu, in central China, on 24 July 2020. In a press release, the Chinese foreign minister described this as a “legitimate and necessary response to the unreasonable measures taken by the United States”

 

US FOREIGN POLICY HAVE HAD SIGNIFICANT CONSEQUENCES ON THE CYBERTHREAT LANDSCAPE.

The threat represented by Russia has been compounded by a marked increase in the number and severity of attacks since 2019. In cyberespionage, the SolarWinds attack (December 2020) demonstrated the danger posed by attacks from state-sponsored groups. This supply chain breach had a particularly serious impact because, rather than directly targeting the federal government or a private company’s network, the perpetrators attacked a third-party software supplier serving these entities. The target was an IT management platform called Orion, a product of Texas-based company SolarWinds. More than 33,000 businesses used Orion. According to SolarWinds, 18,000 of its clients were affected, including 425 Fortune 500 companies.

This heightened threat is also exemplified by the ransomware attack conducted by ATK168 using REvil, also known as Sodinokibi. The attack on software company Kaseya by the REvil ransomware operation is considered the largest ever such attack by a cybercriminal group. While 2017’s three ransomware attacks (WannaCry, NotPetya and Bad Rabbit) were larger, they were linked to state-sponsored actors rather than groups with financial motives. According to cybersecurity researchers at Symantec, some vague indications point to political motives behind the attack. The US has not explicitly linked the REvil attacks to the Kremlin, but President Joe Biden has nevertheless warned his Russian counterpart that the latter’s government must act against such criminal organisations, and that US authorities would do so if necessary. In January 2021, several members of REvil were arrested by Russian authorities obeying to a US demand. While it may appear as the reinforcement of collaboration between the two countries, the timing of this announcement raises questions as several Ukrainian government sites were targeted by a cyberattack and Russian troops are massed at the border.

Likewise, the largest oil pipeline of the US, Colonial Pipeline, fell victim to the RaaS (Ransomware-asa-Service), forcing the company to temporarily shut down its activity. The incident, which happened on May 7, 2021, affected the delivery of gas in Southern states, provoking shortages at gas pumps.

Former US President Donald Trump was also the target of several influence campaigns. These attacks appeared to originate from groups operating in China, including ATK213 (also known as APT31). This group carried out more than 150 breaches over the course of six months. In 2020, Trump called for the social media platform Tik Tok to be banned in the United States, on the basis that the data collected through the app was disseminated to the Chinese government. This ban provoked many Chinese actors to carry out influence campaigns aimed at destabilising the US elections by sowing disinformation about the President to sway voters.

 

THREATS ARE ALSO EMERGING FROM OUTSIDE OF CHINA

After months of heightened tensions between the US and Iran, there were fears that this could have been used as justification for an attempt to destabilise the US election. After Trump withdrew the US from the JCPoA in May 2018 and Iranian general Qassem Soleimani was killed on Iraqi soil in January 2019, the risk of cyberespionage or more conventional attacks (such as phishing or ransomware campaigns) aiming to destabilise the then-US President became markedly more significant. In May and June 2020, this fear was realised in the form of an attack by the group Phosphorus, which gained access to several accounts belonging to members of the administration, Trump campaign staff and others involved in the 2020 presidential election. Twitter announced that it had deleted around 130 Iran-based accounts that had disrupted the public conversation on the platform during the first campaign debate between Biden and Trump. This also illustrated a shift in technique as attackers targeted the two candidates directly and the electoral process itself. It is becoming more and more difficult to predict this type of realtime attack and proactively analyse the threat landscape to prevent them.

north america

In recent years, countries have strengthened their diplomatic and economic links with Canada as, since 2017, the US has drifted further towards protectionism. The US’s decision to heavily tax steel and aluminium imports had been extremely damaging to Canada and the member states of the European Union. The move even provoked threats of retaliation from the EU, Canada and Mexico. In May 2018, Canadian Prime Minister Justin Trudeau publicly declared his disapproval and, along with policymakers in European countries, claimed that the President’s invocation of the national security defence, referring to WTO regulations, did not hold water.

It is therefore unsurprising to see Canada looking to the nations of the Old Continent for less protectionist economic partners, more open to diplomatic relations. This transition took a significant step forward with the signing of the Comprehensive Economic and Trade Agreement (CETA) between Canada and the EU in autumn 2016. The goal of this agreement was to ease the export of Canadian products to the European market by almost completely eliminating tariff and non-tariff barriers, while creating a more stable investment context for Canadian and European businesses.

It is therefore unsurprising to see Canada looking to the nations of the Old Continent for less protectionist economic partners, more open to diplomatic relations. This transition took a significant step forward with the signing of the Comprehensive Economic and Trade Agreement (CETA) between Canada and the EU in autumn 2016. The goal of this agreement was to ease the export of Canadian products to the European market by almost completely eliminating tariff and non-tariff barriers, while creating a more stable investment context for Canadian and European businesses.

 

IN CANADA, THE CYBERTHREAT ENVIRONMENT IS CONSTANTLY CHANGING AS BAD ACTORS CONTINUE TO ADJUST THEIR STRATEGIES

As Canadians adopt new technologies and Internet-connected devices, it is certain that new threats will arise. Furthermore, Canada’s rapprochement with Europe may create a major risk from adversary foreign powers.

The Covid-19 pandemic has had a significant impact on the cyberthreat landscape in Canada. In 2019, the medical laboratory company LifeLabs fell victim to a cyberattack which compromised the personal and medical data of 15 million Canadians. The company finally paid the ransom to recover this data. Geopolitical events such as the warming of relations between Canada and the EU can also make cyberattacks more likely. For instance, activists such as environmentalists might aim to weaken CETA, as the agreement eases the process of importing polluting fuels and GMO foodstuffs. This was observed in 2017 and 2019 when Twitter data revealed that Russian and Iranian trolls had been posting to the site using fraudulent accounts. The purpose of this activity was to exacerbate divisions among Canadians and provoke conflict by widening the reach of inflammatory content on political issues like terrorism, climate change, pipeline construction, immigration policy and refugees.

Many of these disinformation campaigns have responded to significant events such as the January 2017 massacre at a Quebec City mosque or the June 2019 approval of the Trans Mountain pipeline.

Although Mexico is a multiparty democracy, power remains concentrated in the hands of the Institutional Revolutionary Party (PRI), which controlled both chambers of Congress and the presidency continuously from the Second World War until 2018. Despite persistent inequalities, the country’s industrial sector has seen a meteoric rise since the war.

Large oil reserves, exploited by a state-owned corporation, have contributed to Mexico’s economic stability, which had been shaken by plummeting prices during the 1980s. However, Mexico’s ambition to become a major power on the international stage (and within North America in particular) is hampered by several factors, including crime and immigration, which remains an issue to this day.

 

CRIME IN MEXICO

Mexican drug-trafficking cartels are among the most developed organised crime rings in the world. While fragmentation has reduced the number of such groups with large international operations, those which remain have access to networks covering most of the Americas, even extending into Europe and Asia.

These international cartels interact with foreign actors but generally lack a strong grounding in Mexico. Their activities more often take the form of joint ventures with other Mexican groups. These organisations focus on international drug trafficking, which brings in millions of dollars in revenue every year, but also engage in other activities such as oil theft, illegal logging, human trafficking, kidnapping and extortion. Mexican drug cartels have access to firearms, including military-grade weapons, and conflict between rival groups and security forces is common. Drug cartels control large tracts of territory throughout Mexico, supplanting government authority by means of bribery and intimidation to facilitate illicit activities and skew the democratic process. Politicians are frequently assassinated or threatened by organised crime groups, who ensure that public positions are filled by cooperative individuals.

In addition, the fragmentation of cartels has produced smaller offshoot groups with no permanent power structure, which pose a security threat as turf wars become more common and localised. These groups generally lack access to the necessary resources to manage transnational drug trafficking networks and favour activities such as extortion, kidnapping, vehicle theft, oil smuggling, human trafficking and smuggling, wholesale drug dealing and illegal mining. They play a key role in the drug trafficking supply chain, handling local transport and security within wider networks.

While state actors do not control criminal markets, corruption within the government and agencies responsible for law enforcement enables criminal networks and shapes illicit activities, constituting a stream of income for highranking public officials.

 

ORGANISED CYBERCRIME IN MEXICO POSES A GROWING THREAT TO CIVILIANS AS WELL AS PUBLIC AND PRIVATE ORGANISATIONS

As crime increases, the eyes of the cybersecurity world have turned towards the country. In fact, Mexico has suffered more cyberattacks than any other Latin American country besides Brazil. In both countries, emails containing links to malicious websites are fairly common. Some of these websites are believed to be among the most prolific generators of spam in the world.

Symantec placed Mexico among the 10 countries most affected by email phishing scams. Mexico was ranked seventh, after Ireland, Australia, New Zealand, Brazil, Norway and the UK.

The last few years have seen many criminal cyberattacks hit the country. For example, sites belonging to the Lotería Nacional y Pronósticos, the national lottery, were rendered inaccessible to visitors outside of Mexico after being targeted using Avaddon ransomware.

Avaddon is found throughout the world and spreads using emails styled as love letters. It appears to have been distributed by the botnet Trik (also known as Phorpiex) since early June 2020. Avaddon’s operators launched a data leak site to extort victims in August of that year. In conducting their activities, the group observed the so-called 5×5 rule, wherein the starting price in negotiations is placed at 5% of the victim’s annual revenue, which is estimated at a fifth of total revenue. Cybersecurity researchers at Advanced Intel estimate Avaddon’s total revenue at $87 million before it ceased operations in June 2021.

Furthermore, attackers are increasingly using malware capable of paralysing a whole set of systems, including supply chains, manufacturing and payments, removing the malware only after receiving substantial sums of money. One notable example was the case of Pemex, the Mexican state oil company, which was targeted using the ransomware Ryuk. Ryuk generally targets businesses with revenue between $500 million and $1 billion. Although operations appeared to continue as normal and petroleum production and storage were not affected, this attack against critical infrastructure demonstrates the severity of the cyberthreat facing Mexico.